Description
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by an Admin user.
Remediation
References
Related Vulnerabilities
WordPress Plugin CM Download Manager Multiple Vulnerabilities (2.0.6)
WordPress Plugin Fancy Product Designer-WooCommerce Cross-Site Scripting (4.5.0)
Joomla Improper Input Validation Vulnerability (CVE-2011-2892)
Drupal Reliance on Cookies without Validation and Integrity Checking Vulnerability (CVE-2022-29248)